haproxy: dedicated internal address/binding (without SSL)
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
2686eea2b1
commit
a5a2c6e335
|
@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Added
|
||||
|
||||
* haproxy: dedicated internal address/binding (without SSL)
|
||||
|
||||
### Changed
|
||||
|
||||
### Fixed
|
||||
|
|
|
@ -1,34 +1,36 @@
|
|||
---
|
||||
|
||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||
|
||||
# backward compatibility with a previously used variable
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_ssl: True
|
||||
haproxy_stats_host: "*"
|
||||
haproxy_stats_port: "8080"
|
||||
haproxy_stats_path: "/"
|
||||
haproxy_stats_bind_directive: "{{ haproxy_stats_host }}:{{ haproxy_stats_port }} {% if haproxy_stats_ssl %}ssl crt {{ haproxy_ssl_dir }}{% endif %}"
|
||||
|
||||
haproxy_stats_internal_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{% if haproxy_stats_host == '*' or haproxy_stats_host == '0.0.0.0' %}127.0.0.1{% else %}{{ haproxy_stats_host }}{% endif %}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||
haproxy_stats_internal_enable: True
|
||||
haproxy_stats_internal_host: "127.0.0.1"
|
||||
haproxy_stats_internal_port: "8081"
|
||||
|
||||
haproxy_stats_external_url: "{% if haproxy_stats_ssl %}https:{% else %}http:{% endif %}//{{ ansible_fqdn }}:{{ haproxy_stats_port }}{{ haproxy_stats_path }}"
|
||||
|
||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||
haproxy_update_config: True
|
||||
haproxy_force_config: True
|
||||
|
||||
haproxy_socket: /run/haproxy/admin.sock
|
||||
haproxy_chroot: /var/lib/haproxy
|
||||
|
||||
haproxy_stats_access_ips: []
|
||||
haproxy_stats_admin_ips: []
|
||||
haproxy_stats_users: []
|
||||
## use crypt(8) password encryption
|
||||
# haproxy_stats_users:
|
||||
# - { login: "", password: "" }
|
||||
|
||||
haproxy_backports: "{{ haproxy_jessie_backports | default(false, true) }}"
|
||||
haproxy_update_config: True
|
||||
haproxy_force_config: True
|
||||
|
||||
haproxy_socket: /run/haproxy/admin.sock
|
||||
haproxy_chroot: /var/lib/haproxy
|
||||
haproxy_maintenance_ips: []
|
||||
haproxy_deny_ips: []
|
||||
|
||||
haproxy_ssl_dir: "/etc/haproxy/ssl/"
|
||||
|
||||
haproxy_stats_enable: False
|
||||
haproxy_stats_bind: "*:8080 ssl crt /etc/haproxy/ssl/"
|
||||
|
||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||
haproxy_backports_packages_buster: haproxy
|
||||
|
|
|
@ -45,6 +45,9 @@ userlist stats_users
|
|||
listen stats
|
||||
mode http
|
||||
bind {{ haproxy_stats_bind_directive }}
|
||||
{% if haproxy_stats_internal_enable %}
|
||||
bind {{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}
|
||||
{% endif %}
|
||||
|
||||
acl stats_access_ips src -f /etc/haproxy/stats_access_ips
|
||||
acl stats_admin_ips src -f /etc/haproxy/stats_admin_ips
|
||||
|
|
|
@ -1,2 +1,4 @@
|
|||
[haproxy_*]
|
||||
env.url {{ haproxy_stats_internal_url }};csv;norefresh
|
||||
{% if haproxy_stats_internal_enable %}
|
||||
env.url http://{{ haproxy_stats_internal_host }}:{{ haproxy_stats_internal_port }}/;csv;norefresh
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in New Issue